Summary
Several project dependencies contain known security vulnerabilities, including at least one critical issue in spring-security-web. These vulnerabilities are marked as exploitable and should be addressed by upgrading to patched versions.
Affected dependencies
🔴 Critical
🟠 High
🟡 Medium
Additional context
These issues were identified via GitHub security advisories and are flagged as exploitable as of April 2026.
Question
Would you be open to upgrading these dependencies?
Many thanks for a feedback.
Summary
Several project dependencies contain known security vulnerabilities, including at least one critical issue in
spring-security-web. These vulnerabilities are marked as exploitable and should be addressed by upgrading to patched versions.Affected dependencies
🔴 Critical
spring-security-web - 6.4.13
🟠 High
io.netty:netty-codec-http – 4.1.130.Final
io.netty:netty-codec-http2 – 4.1.130.Final
🟡 Medium
org.bouncycastle:bcpkix-jdk18on – 1.78
Additional context
These issues were identified via GitHub security advisories and are flagged as exploitable as of April 2026.
Question
Would you be open to upgrading these dependencies?
Many thanks for a feedback.